
PAM-DEF Exam - Question 10


You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How can this be configured to allow for password management using least privilege?

Correct Answer: CD

To allow for password management using least privilege, the correct approach is to configure the UNIX platform to use the correct logon account. This ensures that the CPM can log in using a secondary account with the necessary permissions instead of directly using the root account. By doing this, the CPM gains the ability to manage the root account's password without having direct root access, which adheres to the principle of least privilege.

Discussion

8 comments
penuelaandy Option: C
Mar 2, 2023

The logon account can be defined on the target account level or on the platform level, making it available to all accounts associated with the platform. Note: Logon accounts can also be defined for PSM and PSM for SSH connections. In this case, they can be retrieved from the account level only. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PASIMP/Linked-PAS-Accounts.htm#Overview

miky_Cissp Option: C
Oct 15, 2023

C. Configure the UNIX platform to use the correct logon account is the correct answer. This is because the logon account is the secondary account that the CPM uses to first log into the UNIX system before switching to the root account for password management. The logon account provides the CPM with the necessary permissions to manage the root account's password without having direct root access.

jafyyy Option: C
Feb 21, 2023

C is the correct answer. It must be the logon account for UNIX.

Swaminathanm Option: C
Jun 15, 2023

Configure the UNIX platform to use the correct logon account.

brossva Option: C
Jun 21, 2023

C is correct

Azie80 Option: D
Nov 8, 2023

The question mentioned password management. It's a trick question.

ThomasKong Option: A
May 1, 2024

It is always a best practice from the CyberArk vendor or principle. When you cannot log in directly using root or other high-privilege IDs, the logon account/ID will be the secondary login ID; only then can the other IDs log in.

diogofreire Option: C
May 7, 2024

The logon account must be set on the account/platform of the root account.